API Reference

Retrieves an access token.

Unless otherwise noted, this method must be called before any any other web service function, as the Authorization header value is required to call most methods.
A successful transaction will receive a 200 status code.

POST /Token
{
"grant_type": "client_credentials",
"client_id": "{email/username}",
"client_secret": "{password}"
}

POST /Token
{
"grant_type": "refresh_token",
"refresh_token": "{refresh token}",
}

POST /Token
{
"grant_type": "authorization_code",
"code": "{authorization code}",
"resource_type": "{resource type}"
}

MFA Example
POST /Token { "mfa_method": "Email or Auth", "mfa_token": "{mfa token from challenge endpoint}", "user_token": "{user token from challenge}", "otp":"{otp received within email}", "grant_type":"mfa_otp" }
OKTA Example
POST /Token { "grant_type": "authorization_code", "code": " Access Token from okta ", "resource_type": "okta" } HTTP Status Code 400 Error Codes (error property): InvalidGrantType - Invalid grant type.

InvalidResourceType - Invalid resource type.

InvalidRequest - The request is invalid.

IdTokenInvalid - Invalid id token.

HTTP Status Code 401 Error Codes (error property):

InvalidCredentials - Invalid credentials.

AccountUnverified - User account has not been verified.

IpRestriction - User's location is restricted by IP address. The IP address of the user's current location is invalid.

PasswordExpired - Password expired. The user must change their password.

AccountDisabled - Account is disabled.

AccountLockedOut - Too many invalid login attempts. The account has been disabled.

RefreshTokenInvalid - Invalid refresh token or expired.

IdTokenInvalid - Invalid id token.

MFARequired - MFA Required. To MFA via email, call the /token/challenge (POST) endpoint to continue.
To MFA via Authenticator app, call this endpoint again (MFA Example above).

Language
URL
Click Try It! to start a request and see the response here!